False positives detection on website video players?

[Mr.Wong 2]

hxxps://animedao.com/

Click on one of the anime series, and I get two false positives detection for video players implemented on the site.

 

[Nightowl 202]

Did you try using an adblocker?

[SeriousHoax 83]

Actually, it's not detecting the video player as malicious but rather a malicious javascript that the site is loading. My Firefox has uMatrix installed that blocks third party scripts loading so I don't see this warning from Eset and the video plays fine but in Microsoft Edge, I only have an adblocker but not uMatrix and there Eset is showing that it has detected and removed the script. So, not a false positive I think, rather a unsafe javascript.

[Nightowl 202]

1 hour ago, SeriousHoax said:

Actually, it's not detecting the video player as malicious but rather a malicious javascript that the site is loading. My Firefox has uMatrix installed that blocks third party scripts loading so I don't see this warning from Eset and the video plays fine but in Microsoft Edge, I only have an adblocker but not uMatrix and there Eset is showing that it has detected and removed the script. So, not a false positive I think, rather a unsafe javascript.

With the uMatrix statement that you have said , means that when uMatrix is blocking JS then ESET detects nothing because there are no JS being loaded , while you go to Edge and have JS loaded , then ESET blocks JS script from loading.

I believe that the website may have malicious codes.

[SeriousHoax 83]

3 hours ago, Rami said:

With the uMatrix statement that you have said , means that when uMatrix is blocking JS then ESET detects nothing because there are no JS being loaded , while you go to Edge and have JS loaded , then ESET blocks JS script from loading.

I believe that the website may have malicious codes.

Yes, that's right.

[Nightowl 202]

4 minutes ago, SeriousHoax said:

Yes, that's right.

These websites tend to have lot of advertising , while their ads might contain some kind of JS loads , even if the website is safe , it might be malicious ads' servers , or might be the website is hijacked.

Keep your uMatrix , it's good

[SeriousHoax 83]

8 minutes ago, Rami said:

These websites tend to have lot of advertising , while their ads might contain some kind of JS loads , even if the website is safe , it might be malicious ads' servers , or might be the website is hijacked.

Keep your uMatrix , it's good

Yes, it seems a lot of threats spread through JS nowadays. So, something like uMatrix/Nocript/uBlock Origin in medium mode is another added layer of protection. So for me, uBlock Origin with a good amount of filters, uMatrix and there's also Eset of course 😎

[Mr.Wong 2]

14 hours ago, Rami said:

Did you try using an adblocker?

 

11 hours ago, SeriousHoax said:

Actually, it's not detecting the video player as malicious but rather a malicious javascript that the site is loading. My Firefox has uMatrix installed that blocks third party scripts loading so I don't see this warning from Eset and the video plays fine but in Microsoft Edge, I only have an adblocker but not uMatrix and there Eset is showing that it has detected and removed the script. So, not a false positive I think, rather a unsafe javascript.

I have Ublock Origin in medium mode and latest filters update, but ESET still detect them.

[itman 1,659]

37 minutes ago, Mr.Wong said:

I have Ublock Origin in medium mode and latest filters update, but ESET still detect them.

Ublock won't detect this stuff unless you enable JavaScript blocking. This is turn will break most web sites you access.

Eset's protection alone is adequate to protect you against web site Javascript malware.

[Mr.Wong 2]

On 6/30/2019 at 6:54 PM, itman said:

Ublock won't detect this stuff unless you enable JavaScript blocking. This is turn will break most web sites you access.

Eset's protection alone is adequate to protect you against web site Javascript malware.

Should I enable these two video players on the site or no? 

[itman 1,659]

38 minutes ago, Mr.Wong said:

Should I enable these two video players on the site or no? 

No. At this point, it is not known if the Eset's alerts are legitimate or not.

Open Eset GUI. Select Tools. Then refer to the below screen shot to report what you beleive is a false positive detection for the web site:

[Marcos 5,071]

JS/Adware.AA is a correct detection. If you want to contact ESET's security research lab, email samples[at]eset.com if you would like to get a response. However, in this case it's not needed since a reply would be same.

[Mr.Wong 2]

On 7/2/2019 at 2:24 PM, Marcos said:

JS/Adware.AA is a correct detection. If you want to contact ESET's security research lab, email samples[at]eset.com if you would like to get a response. However, in this case it's not needed since a reply would be same.

So the second picture detection is correct, and what about the first picture detection? Is it a false positive?

[Marcos 5,071]

9 minutes ago, Mr.Wong said:

So the second picture detection is correct, and what about the first picture detection? Is it a false positive?

It's correct too. Both detections seem to be related to aggressive ads.

[peteyt 393]

On 6/30/2019 at 11:54 PM, itman said:

Ublock won't detect this stuff unless you enable JavaScript blocking. This is turn will break most web sites you access.

Eset's protection alone is adequate to protect you against web site Javascript malware.

 

On 7/2/2019 at 6:09 PM, Mr.Wong said:

Should I enable these two video players on the site or no? 

I dont use ublock so not sure how it works but can you disable javascript for specfic sites only e.g. for this video site that way it wouldnt be trying to load it as an extra precaution or could this possibly disable the player?